From 4065e6ffff873bd9da8a3e81e9d12b9b292b37d7 Mon Sep 17 00:00:00 2001
From: Larry Gritz <lg@larrygritz.com>
Date: Fri, 14 Feb 2025 13:32:13 -0800
Subject: [PATCH] fix(ico): More robust to corrupted ICO files (#4625)

Signed-off-by: Larry Gritz <lg@larrygritz.com>
---
 src/ico.imageio/icoinput.cpp |  13 +++++++++++++
 testsuite/ico/ref/out.txt    |   1 +
 testsuite/ico/run.py         |   7 ++++++-
 testsuite/ico/src/bad1.ico   | Bin 0 -> 69 bytes
 4 files changed, 20 insertions(+), 1 deletion(-)
 create mode 100644 testsuite/ico/src/bad1.ico

diff --git a/src/ico.imageio/icoinput.cpp b/src/ico.imageio/icoinput.cpp
index 44cda26001..c0fe860036 100644
--- a/src/ico.imageio/icoinput.cpp
+++ b/src/ico.imageio/icoinput.cpp
@@ -190,6 +190,19 @@ ICOInput::seek_subimage(int subimage, int miplevel)
         swap_endian(&subimg.numColours);
     }
 
+    // some sanity checking
+    if (subimg.bpp != 1 && subimg.bpp != 4 && subimg.bpp != 8
+        && subimg.bpp != 16 && subimg.bpp != 24 && subimg.bpp != 32) {
+        errorfmt("Unsupported image color depth, probably corrupt file");
+        return false;
+    }
+    if (subimg.reserved != 0) {
+        errorfmt(
+            "Probably corrupt file (clue: header 'reserved' value should always be 0)",
+            subimg.reserved);
+        return false;
+    }
+
     ioseek(subimg.ofs, SEEK_SET);
 
     // test for a PNG icon
diff --git a/testsuite/ico/ref/out.txt b/testsuite/ico/ref/out.txt
index 6272454fe8..b78639c7ee 100644
--- a/testsuite/ico/ref/out.txt
+++ b/testsuite/ico/ref/out.txt
@@ -45,3 +45,4 @@ Reading ../oiio-images/ico/oiio.ico
     oiio:BitsPerSample: 8
 Comparing "../oiio-images/ico/oiio.ico" and "oiio.ico"
 PASS
+iconvert ERROR: Unsupported image color depth, probably corrupt file
diff --git a/testsuite/ico/run.py b/testsuite/ico/run.py
index a329ce1790..44df1bda9b 100755
--- a/testsuite/ico/run.py
+++ b/testsuite/ico/run.py
@@ -4,4 +4,9 @@
 # SPDX-License-Identifier: Apache-2.0
 # https://github.com/AcademySoftwareFoundation/OpenImageIO
 
-command = rw_command (OIIO_TESTSUITE_IMAGEDIR, "oiio.ico")
+failureok = 1
+redirect = ' >> out.txt 2>&1 '
+
+command += rw_command (OIIO_TESTSUITE_IMAGEDIR, "oiio.ico")
+command += run_app (oiio_app("iconvert") + " src/bad1.ico out.tif")
+
diff --git a/testsuite/ico/src/bad1.ico b/testsuite/ico/src/bad1.ico
new file mode 100644
index 0000000000000000000000000000000000000000..31725f57e1ee74e39cf91869adf2d4955b9a4355
GIT binary patch
literal 69
zcmZQzU}RumWO>2N!0-adU|@K_!T<#ItU#idl@TZa0bl_r^V5HrC?gj$O9KN300#31
AWdHyG

literal 0
HcmV?d00001